website/build/nginx.conf

events {}

http {
	gzip on;
	gzip_types *;
	gzip_comp_level 2;
	gzip_min_length 1000;
	gzip_proxied expired no-cache no-store private auth;

	include mime.types;
	upstream server {
		server server:3000;
	}

	map $request_uri $expires {
		default off;
		"~-[0-9a-z]{10}\.js$" 365d;
		"~*(woff|woff2|ttf|eot)$" 365d;
	}

	map $sent_http_content_type $csp {
		default "";
		"~^text/html" "default-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";
	}

	server {
		# 404 for any request that does match the server names defined below
		listen 80;
		return 404;
	}

	server {
		listen 80;
		autoindex on;
		root /www/data;
		expires $expires;
		server_name www.offen.dev staging.offen.dev;
		add_header Content-Security-Policy $csp;
		add_header Strict-Transport-Security 'max-age=604800; includeSubDomains';
		add_header Referrer-Policy 'origin-when-cross-origin';
		add_header X-Content-Type-Options 'nosniff';
		add_header X-XSS-Protection '1; mode=block';

		location /api/ {
			proxy_pass http://server;
			proxy_redirect off;
		}

		location /vault/ {
			proxy_pass http://server;
			proxy_redirect off;
		}

		location /auditorium/ {
			proxy_pass http://server;
			proxy_redirect off;
		}

		location /script.js {
			proxy_pass http://server;
			proxy_redirect off;
		}

		location /healthz {
			proxy_pass http://server;
			proxy_redirect off;
		}

		location /versionz {
			proxy_pass http://server;
			proxy_redirect off;
		}

		location /normalize.css {
			proxy_pass http://server;
			proxy_redirect off;
		}

		location /skeleton.css {
			proxy_pass http://server;
			proxy_redirect off;
		}

		location /favicon.ico {
			root /www/data/theme/images;
		}

		error_page 404 /404.html;
		location = /404.html {
			internal;
			root /www/data;
			add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;
		}
	}
}
add dockerized deployment build 2019-09-04 20:50:53 +02:00			`events {}`

			`http {`
normalize local urls throughout 2019-09-05 11:18:42 +02:00			`gzip on;`
enable gzip compression for all mime types 2019-09-28 17:17:18 +02:00			`gzip_types *;`
normalize local urls throughout 2019-09-05 11:18:42 +02:00			`gzip_comp_level 2;`
			`gzip_min_length 1000;`
			`gzip_proxied expired no-cache no-store private auth;`
add dockerized deployment build 2019-09-04 20:50:53 +02:00
normalize local urls throughout 2019-09-05 11:18:42 +02:00			`include mime.types;`
add dockerized deployment build 2019-09-04 20:50:53 +02:00			`upstream server {`
			`server server:3000;`
			`}`

add conditional cache headers to nginx conf 2019-09-12 16:35:24 +02:00			`map $request_uri $expires {`
			`default off;`
			`"~-[0-9a-z]{10}\.js$" 365d;`
			`"~*(woff\|woff2\|ttf\|eot)$" 365d;`
			`}`

set up content security policy 2019-09-12 20:46:01 +02:00			`map $sent_http_content_type $csp {`
			`default "";`
adjust csp to play nice with dexie in firefox 2019-10-03 10:34:53 +02:00			`"~^text/html" "default-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'";`
set up content security policy 2019-09-12 20:46:01 +02:00			`}`

add server block for catching non-domain requests 2019-12-14 09:26:02 +01:00			`server {`
			`# 404 for any request that does match the server names defined below`
			`listen 80;`
			`return 404;`
			`}`

add dockerized deployment build 2019-09-04 20:50:53 +02:00			`server {`
			`listen 80;`
			`autoindex on;`
			`root /www/data;`
add conditional cache headers to nginx conf 2019-09-12 16:35:24 +02:00			`expires $expires;`
fix typo in server config 2019-10-29 12:53:43 +01:00			`server_name www.offen.dev staging.offen.dev;`
set up content security policy 2019-09-12 20:46:01 +02:00			`add_header Content-Security-Policy $csp;`
add hsts headers 2019-09-13 08:42:22 +02:00			`add_header Strict-Transport-Security 'max-age=604800; includeSubDomains';`
add additional security related headers to nginx configuration 2019-09-26 16:55:57 +02:00			`add_header Referrer-Policy 'origin-when-cross-origin';`
			`add_header X-Content-Type-Options 'nosniff';`
			`add_header X-XSS-Protection '1; mode=block';`
add dockerized deployment build 2019-09-04 20:50:53 +02:00
			`location /api/ {`
			`proxy_pass http://server;`
			`proxy_redirect off;`
use go app to serve static assets 2019-10-04 18:51:24 +02:00			`}`

			`location /vault/ {`
			`proxy_pass http://server;`
			`proxy_redirect off;`
normalize local urls throughout 2019-09-05 11:18:42 +02:00			`}`

			`location /auditorium/ {`
use go app to serve static assets 2019-10-04 18:51:24 +02:00			`proxy_pass http://server;`
			`proxy_redirect off;`
			`}`

			`location /script.js {`
			`proxy_pass http://server;`
			`proxy_redirect off;`
add dockerized deployment build 2019-09-04 20:50:53 +02:00			`}`
add nginx config for custom 404 page 2019-10-02 10:52:04 +02:00
fix double handling of api requests 2019-10-04 19:49:19 +02:00			`location /healthz {`
			`proxy_pass http://server;`
			`proxy_redirect off;`
			`}`

fix nginx locations 2019-10-10 09:46:04 +02:00			`location /versionz {`
			`proxy_pass http://server;`
			`proxy_redirect off;`
			`}`

			`location /normalize.css {`
			`proxy_pass http://server;`
			`proxy_redirect off;`
			`}`

			`location /skeleton.css {`
			`proxy_pass http://server;`
			`proxy_redirect off;`
			`}`

further clean up routing logic 2019-10-06 13:52:45 +02:00			`location /favicon.ico {`
			`root /www/data/theme/images;`
			`}`

add nginx config for custom 404 page 2019-10-02 10:52:04 +02:00			`error_page 404 /404.html;`
			`location = /404.html {`
			`internal;`
			`root /www/data;`
			`add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive" always;`
			`}`
add dockerized deployment build 2019-09-04 20:50:53 +02:00			`}`
			`}`